DIGIT Core
PlatformDomainsAcademyDesign SystemFeedback
2.8
2.8
  • ☑️Introducing DIGIT Platform
    • DIGIT - Value Proposition
  • Platform
    • 🔎Overview
      • Principles
      • Architecture
        • Service Architecture
        • Infrastructure Architecture
        • Deployment Architecture
      • Technology
        • API Gateway
        • Open Source Tools
      • Checklists
        • API Checklist
        • Security Checklist
          • Security Guidelines Handbook
          • Security Flow - Exemplar
        • Performance Checklist
        • Deployment Checklist
      • UI Frameworks
        • React UI Framework
    • 🔧Core Services
      • Workflow Service
        • Setting Up Workflows
        • Configuring Workflows For An Entity
        • Workflow Auto Escalation
        • Migration To Workflow 2.0
      • Location Services
      • User Services
      • Access Control Services
      • PDF Generation Service
      • MDMS (Master Data Management Service)
        • Setting up Master Data
          • MDMS Overview
          • MDMS Rewritten
          • Configuring Tenants
          • Configuring Master Data
          • Adding New Master
          • State Level Vs City Level Master
      • Payment Gateway Service
      • User Session Management
      • Indexer Service
        • Indexer Configuration
      • URL Shortening Service
      • XState Core Chatbot
        • Xstate-Chatbot Message Localisation
        • XState-Chatbot Integration Document
      • NLP Engine Service
        • NLP Chatbot
      • SMS Template Approval Process
      • Telemetry Service
      • Document Uploader Service
      • Notification Enhancement Based On Different Channel
      • Report Service
        • Configuring New Reports
          • Impact Of Heavy Reports On Platform
          • Types Of Reports Used In Report Service
      • SMS Notification Service
        • Setting Up SMS Gateway
          • Using The Generic GET & POST SMS Gateway Interface
      • Survey Service
      • Persister Service
        • Persister Configuration
      • Encryption Service
        • Encryption Client Library
        • User Data Security Architecture
        • Guidelines for supporting User Privacy in a module
      • FileStore Service
      • ID Generation Service
      • Localization Service
        • Configuring Localization
          • Setup Base Product Localization
          • Configure SMS and Email
      • Email Notification Service
      • Searcher Service
      • Zuul Service
      • User OTP Service
      • OTP Service
      • Chatbot Service
      • National Dashboard Ingest
        • National Dashboard API Performance Testing Specs and Benchmark
        • National Dashboard: Steps for Index Creation
        • National Dashboard Adaptor Service
          • Deployment of Airflow DAG
          • Trigger Airflow DAG
          • Configure Airflow
          • Insert & Delete Data - Steps
          • Important Links & Credentials
          • Code Structure
          • KT Sessions
          • Pre-requisites For Enabling Adaptor
        • Revenue Maximisation
      • Audit Service
        • Signed Audit Performance Testing Results
      • Service Request
      • Self Contained Service Architecture (HLD)
      • Accelerators
        • Inbox Service
    • ✏️API Specifications
      • User
      • Access Control
      • Employee
      • Location
      • Localisation
      • Encryption
      • Indexer
      • File Store
      • Collection
      • DSS Ingest
      • HRMS
      • National Dashboard Ingest
      • WhatsApp Chatbot
      • Master Data Management
      • ID Generation
      • URL Shortner
      • Workflow Service
      • Workflow v2
      • Document Uploader Service
      • OTP Service
      • Reporting Service
      • PDF Generation Service
      • Payment Gateway Service
    • 🔐Data Protection & Privacy
      • Data Protection & Privacy Definitions
      • Legal Obligations For Privacy - eGov
      • Data Protection & Privacy - Global Best Practices
      • Guidelines
        • Platform Owner Guidelines
        • Implementing Agencies Guidelines
        • Admin Guidelines
        • Program Owner Guidelines
        • Data Security and Data Privacy
      • Data Privacy Policy Templates
        • eGov Data Privacy Policy
        • Implementing Agency Privacy Policy
        • Admin & Program Owner Privacy Policy
        • Supporting Agency Privacy Policy
      • Global Standards For All Roles
    • ▶️Get Started
      • Install DIGIT
      • Access DIGIT
      • Sandbox
      • Training and Certification
        • Training Resources
    • ⚒️Integrations
      • Payment
      • Notification
      • Transaction
      • Verification
      • View
      • Calculation
    • 🛣️Roadmap
    • 🎬Open Events
    • 👩‍💻Source Code
    • 👁️Project Plan
    • 📋Discussion Board
    • 🤝Contribute
  • Guides
    • 📓Installation Guide
      • DIGIT Deployment
      • Quick Setup
        • DIGIT Installation on Azure
        • DIGIT Installation on AWS
      • Production Setup
        • AWS
          • 1. Pre-requisites
          • 2. Understanding EKS
          • 3. Setup AWS Account
          • 4. Provisioning Infra Using Terraform
          • 5. Prepare Deployment Config
          • 6. Deploy DIGIT
          • 7. Bootstrap DIGIT
          • 8. Productionize DIGIT
          • FAQ
        • Azure
          • 1. Azure Pre-requisites
          • 2. Understanding AKS
          • 3. Infra-as-code (Terraform)
        • SDC
          • 1. SDC Pre-requisites
          • 2. Infra-as-code (Kubespray)
          • CI/CD Setup On SDC
        • CI/CD Set Up
          • CI/CD Build Job Pipeline Setup
        • Prepare Helm Release Chart
        • Deployment - Key Concepts
          • Security Practices
          • Readiness & Liveness
          • Resource Requests & Limits
          • Deploying DIGIT Services
          • Deployment Architecture
          • Routing Traffic
          • Backbone Deployment
    • 💽Data Setup Guide
      • User Module
      • Localisation Module
      • Location Module
    • 🚥Design Guide
      • Model Requirements
      • Design Services
      • Design User Interface
      • Checklists
    • ⚒️Developer Guide
      • Pre-requisites Training Resources
      • Backend Developer Guide
        • Section 0: Prep
          • Development Pre-requisites
          • Design Inputs
            • High Level Design
            • Low Level Design
          • Development Environment Setup
        • Section 1: Create Project
          • Generate Project Using API Specs
          • Create Database
          • Configure Application Properties
          • Import Core Models
          • Implement Repository Layer
          • Create Validation & Enrichment Layers
          • Implement Service Layer
          • Build The Web Layer
        • Section 2: Integrate Persister & Kafka
          • Add Kafka Configuration
          • Implement Kafka Producer & Consumer
          • Add Persister Configuration
          • Enable Signed Audit
          • Run Application
        • Section 3: Integrate Microservices
          • Integrate IDGen Service
          • Integrate User Service
          • Add MDMS Configuration
          • Integrate MDMS Service
          • Add Workflow Configuration
          • Integrate Workflow Service
          • Integrate URL Shortener Service
        • Section 4: Integrate Billing & Payment
          • Custom Calculator Service
          • Integrate Calculator Service
          • Payment Back Update
        • Section 5: Other Advanced Integrations
          • Add Indexer Configuration
          • Certificate Generation
        • Section 6: Run Final Application
        • Section 7: Build & Deploy Instructions
        • FAQs
      • Flutter UI Developer Guide
        • Introduction to Flutter
          • Flutter - Key Features
          • Flutter Architecture & Approach
          • Flutter Pre-Requisites
        • Setup Development Environment
          • Flutter Installation & Setup Guide
          • Setup Device Emulators/Simulators
          • Run Application
        • Build User Interfaces
          • Create Form Screen
        • Build Deploy & Publish
          • Build & Deploy Flutter Web Application
          • Generate Android APKs & App Bundles
          • Publishing App Bundle To Play Store
        • State Management With Provider & Bloc
          • Provider State Management
          • BloC State Management
        • Best Practices & Tips
        • Troubleshooting
      • UI Developer Guide
        • DIGIT-UI
        • Android Web View & How To Generate APK
        • DIGIT UI Development Pre-requisites
        • UI Configuration (DevOps)
        • Local Development Setup
        • Run Application
        • Create New Screen In DIGIT-UI
          • Create Screen (FormComposer)
          • Inbox/Search Screen
          • Workflow Component
        • Customisation
          • Integrate External Web Application/UI With DIGIT UI
          • Utility - Pre-Process MDMS Configuration
          • CSS Customisation
        • Citizen Module Setup
          • Sample screenshots
          • Project Structure
          • Install Dependency
          • Import Required Components
          • Write Citizen Module Code
          • Citizen Landing Screen
        • Employee Module Setup
          • Write Employee Module Code
        • Build & Deploy
        • Setup Monitoring Tools
        • FAQs
          • Troubleshoot Using Browser Network Tab
          • Debug Android App Using Chrome Browser
    • 🔄Operations Guide
      • DIGIT - Infra Overview
      • Setup Central Instance Infra
      • Central Monitoring Dashboard Setup
      • Kubernetes
        • RBAC Management
        • DB Dump - Playground
      • Setup Jenkins - Docker way
      • GitOps
        • Git Client installation
        • GitHub organization creation
        • Adding new SSH key to it
        • GitHub repo creation
        • GitHub Team creation
        • Enabling Branch protection:
        • CODEOWNER Reviewers
        • Adding Users to the Git
        • Setting up an OAuth with GitHub
        • Fork (Fork the mdms,config repo with a tenant-specific branch)
      • Working with Kubernetes
        • Installation of Kubectl
      • Containerizing application using Docker
        • Creation of Dockerhub account
      • Infra provisioning using Terraform
        • Installation of Terraform
      • Customization of existing tf templates
      • Cert-Manager
        • Obtaining SSL certificates with the help of cluster-issuer
      • Moving Docker Images
      • Pre and post deployment checklist
      • Multi-tenancy Setup
      • Availability
        • Infrastructure
        • Backbone services
          • Database
          • Kafka
          • Kafka Connect
          • Elastic search
            • ElasticSearch Direct Upgrade
            • Elastic Search Rolling Upgrade
        • Core services
        • DIGIT apps
        • DSS dashboard
      • Observability
        • ES-Curator to clear old logs/indices
        • Monitoring
        • Tracing
        • Jaeger Tracing Setup
        • Logging
        • eGov Monitoring & Alerting Setup
        • eGov Logging Setup
      • Performance
        • What to monitor?
          • Infrastructure
          • Backbone services
          • Core services
        • Identifying bottlenecks
        • Solutions
      • Handling errors
      • Security
      • Reliability and disaster recovery
      • Privacy
      • Skillsets/hiring
      • Incident management processes
      • Kafka Troubleshooting Guide
        • How to clean up Kafka logs
        • How to change or reset consumer offset in Kafka?
      • SRE Rituals
      • FAQs
        • I am unable to login to the citizen or employee portal. The UI shows a spinner.
        • My DSS dashboard is not reflecting accurate numbers? What can I do?
      • Deployment using helm
        • Helm installation:
        • Helm chart creation
        • Helm chart customization
      • How to Dump Elasticsearch Indexes
      • Deploy Nginx-Ingress-Controller
      • Deployment Job Pipeline Setup
      • OAuth2-Proxy Setup
      • Jira Ticket Creation
  • Reference
    • 👉Setup Basics
      • Setup Requirements
        • Tech Enablement Training - Essential Skills and Pre-requisites
        • Tech Enablement Training (eDCR) - Essential Skills and Prerequisites
          • Development Control Rules (Digit-DCR)
          • eDCR Approach Guide
        • DIGIT Rollout Program Governance
        • DevOps Skills Requirements
        • Infra Requirements
        • Team Composition for DIGIT Implementation
        • Infra Best Practices
        • Operational Best Practices
        • Why Kubernetes For DIGIT
      • Supported Clouds
        • Google Cloud
        • Azure
        • AWS
        • VSphere
        • SDC
      • Deployment - Key Concepts
        • Security Practices
        • CI/CD
        • Readiness & Liveness
        • Resource Requests & Limits
      • Understanding ERP Stack
        • ERP Monolithic Architecture
        • ERP Hybrid Architecture
        • ERP Coexistence Architecture
        • APMDP-HYBRID-INFRA ARCHITECTURE
        • eGov SmartCity eGovernance Suite
        • ERP Deployment Process
        • ERP Release Process
        • ERP User Guide
      • Deploying DIGIT Services
        • Deployment Architecture
        • Routing Traffic
        • Backbone Deployment
      • Troubleshooting
        • Distributed Tracing
        • Logging
        • Monitoring & Alerts
    • 📥Reference Reads
      • Analytics
      • DevSecOps
      • Low Code No Code
        • Application Specification
      • Beneficiary Eligibility
      • Government and Open Digital Platforms
      • Microservices and Low Code No Code
      • Registries
      • Platform Orientation - Overview
    • 🔏Data Security
      • Signed Data Audit
      • Encryption Techniques
      • Approaches to handle Encrypted Data
    • ❕Privacy
    • 🕹️DevOps
      • 1. How DNS works
      • 2. Load Balancer
      • 3. SSL/Cert-manager
      • 4.Ingress,WAF
      • 5.VPC
      • 6.Subnets
      • 7.EKS
      • 8.Worker Node Group
      • 9.RDS
      • 10.NAT
      • 11.Internet Gateway
      • 12.Block Storage (EBS Volumes)
      • 13.Object Storage (S3)
      • 14. Telemetry
Powered by GitBook

All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.

On this page
  • Scope
  • Data Privacy Policy For Admin Authority &/or Program Owner
  • 1. OBJECTIVE OF THE POLICY
  • 2. ADHERENCE TO DATA PRIVACY PRINCIPLES
  • 3. WHAT DATA DO WE COLLECT? OR WHAT IS ‘DATA’ UNDER THIS ‘PROGRAM’?
  • 4. HOW DO WE COLLECT THIS DATA?
  • 5. HOW DO WE STORE THIS DATA?
  • Data Security Measures
  • 6. WHY AND HOW DO WE PROCESS, DISCLOSE, AND/OR SHARE THIS DATA?
  • 7. HOW DO WE PROTECT PERSONALLY IDENTIFIABLE INFORMATION (PII)?
  • 8. CAN THIS POLICY BE CHANGED?
  • 9. YOUR CONSENT TO DATA COLLECTION, PROCESSING, DISCLOSURE, AND/OR SHARING.
  • 10. GRIEVANCES

Was this helpful?

  1. Platform
  2. Data Protection & Privacy
  3. Data Privacy Policy Templates

Admin & Program Owner Privacy Policy

Draft data privacy policy for administrative authority and/or program owner

Scope

This document is a sample data privacy and protection policy for the administrative authority and/or the program owner to pick up and replicate on their user-facing web pages. Entities using this document may make modifications as relevant to the context in which they are using this document.

This document is a draft for reference and does not have any legal effect in and of itself.

  • eGovernments Foundation does not guarantee that this document will correctly represent all relevant laws or legal obligations, as these can vary across jurisdiction and time.

  • eGovernments Foundation does not guarantee that the use of this draft, with or without modifications, will cover any or all legal obligations of a specific entity in a specific jurisdiction.

  • Any entity or individual that uses this draft, with or without modifications, does so at their own discretion, and at their own risk.

  • By using the draft policy provided, you acknowledge and agree that:

  • The draft policy is provided for informational purposes only and does not constitute legal advice.

  • The draft policy is a general template and may not be suitable for your specific needs or circumstances. It is your responsibility to review and modify the draft policy to meet your requirements.

  • We make no representations or warranties, express or implied, regarding the accuracy, completeness, or reliability of the draft policy. We do not guarantee that the draft policy is up-to-date or compliant with current laws or regulations.

  • You assume all risks and liabilities associated with the use of the draft policy. We shall not be held liable for any direct, indirect, incidental, consequential, or special damages or losses arising from the use or reliance on the draft policy.

  • We recommend consulting with a qualified legal professional to obtain advice tailored to your specific circumstances before implementing any policy based on the draft provided.

  • By using the draft policy, you agree to release and discharge us from any claims, demands, liabilities, actions, or causes of action arising out of or in connection with the use of the draft policy."

  • It is crucial to seek legal advice to ensure that this policy meets your specific requirements and is enforceable in your jurisdiction.

Data Privacy Policy For Admin Authority &/or Program Owner

<PROGRAM NAME> (“we” or “us” or “our”) respects the privacy of our users (“user” or “you” also referred to as ‘your’). Hence, we maintain the highest standards for secure activities, user information/data privacy and security.

<PROGRAM NAME> is a collaboration between <PARTNER(S) NAME(S)> and eGovernments Foundation. It is powered by DIGIT, which is an open-source software platform developed by eGovernments Foundation.

This privacy policy describes and determines how we deal with your personal and usage information in accordance with the applicable laws of India.

<PROGRAM NAME> refers to the services being provided through <PROGRAM NAME> website, mobile App, <OTHER CHANNELS AS RELEVANT>.

Through <PROGRAM NAME>, you can access and avail of services offered by <STATE OR ULB NAME> Government departments, Central Government department, Local bodies & their agencies and corporate/private bodies (utility services).

You can use <PROGRAM NAME> website/application/services in different ways such as service discovery, availing services, registering grievances, and so on.

1. OBJECTIVE OF THE POLICY

The purpose of this policy is to maintain the privacy of and protect the personal information of users, employees, contractors, vendors, interns, associates, and partners of <PROGRAM NAME>. The <PROGRAM NAME> ensures compliance with laws and regulations applicable (partner to insert a list of laws they have to comply with ) to <PROGRAM NAME>.

2. ADHERENCE TO DATA PRIVACY PRINCIPLES

We adhere to the principles of accountability, transparency, purposeful and proportional collection, usage, storage and disclosure of personal data (“PD”)[1].

3. WHAT DATA DO WE COLLECT? OR WHAT IS ‘DATA’ UNDER THIS ‘PROGRAM’?

We collect and/or access, store, process, use, and share information/data (“data”) to improve and provide better services to you. We collect and process PII such as your first name, last name, parent’s / guardian’s name, address, email address, telephone number, age, gender, and identification documents. We may collect your educational, demographic, location, device and other similar information.

We collect information such as Internet Protocol (IP) addresses, domain name, browser type, Operating System, Date and Time of the visit, pages visited, IMEI/IMSI number, device ID, location information, language settings, handset make & model etc. However, no attempt is made to link these with the true identity of individuals visiting <PROGRAM NAME> app, website, Whatsapp Chatbot etc.

The information collected by us shall depend on the services being used by you and may vary from time to time, which will be informed through changes in this policy.

We also collect, store, process, and share information pertaining to employees of local government or other government agencies. Specific information can include name, age, gender, details of spouse or dependents, address, administrative details such as employee ID or other reference number, as well as information on bank accounts (used for processing salaries or pensions). As employers, local governments may be required to maintain certain information on their employees and pensioners for tax purposes, such as PAN numbers; this information may also be recorded and shared.

We derive, store, process, and share transactional data, which describes the progress of any ongoing task (e.g. any service requested by a resident) through the systems of the local government or other government agency. This can include information about the specific role to whom a given task is assigned (or with whom it is pending), the amount of time elapsed on processing / completing a given request (or task / sub-part thereof), and whether this task has been completed within the benchmark or designated amount of time. It can also include details about the channel through which a particular request was received, such as the ULB counter, service centre, website, helpline, mobile app, chatbot, etc.

We derive, store, process, and share aggregated data. These aggregates are derived from the transactional data. This includes data such as aggregate or cumulative revenue collection, aggregate or cumulative number of service requests, percentage of requests resolved within the benchmark time period, etc. The above data may be further analysed and presented in terms of the type of collection, request, or complaint, the channel through which it was received, etc.

We may collect, store, process, and share telemetry data, which studies how much time is spent on a given screen or field in a workflow/user interface (UI). Such data is normally processed and shared in aggregate, and will not be used to identify specific individuals. In the event that specific individuals are sought to be identified, such as for user research, their consent will be sought for the further processing or sharing of their data.

4. HOW DO WE COLLECT THIS DATA?

We collect data directly from you (when you use our services) as and when you register and login into the app/website. We may also collect data from Union, State, and Local governments, including their agents/employees as well as receive data that is available openly for public use.

5. HOW DO WE STORE THIS DATA?

Your data is stored in a secure manner. <PROGRAM NAME> is powered by the DIGIT platform, which has embedded privacy settings (such as encryption), which do not allow your data to be visible to anyone, except persons who are authorised to do so by virtue of their official role. Unless indicated otherwise, this data will be retained for a minimum period of <AS PER UNION / STATE / ULB LAWS> and a maximum period of <AS PER UNION / STATE / ULB LAWS>. You can review and edit your data, as well as delete your data from the app/website by following the procedures <AS PER UNION / STATE / ULB LAWS>.

You may delete your account at any time you wish. In case of deletion, we will remove all your PD from the system, so that it is not visible and/or accessible from any regular operation. However, the PD may be retained in an encrypted manner for the purpose of legal requirements/compliances <AS PER UNION / STATE / ULB LAWS> from the date of deletion/termination.

After deletion, in case you wish to recreate your profile, the same is permissible and none of the previously captured information will be populated automatically. You need to register as a fresh user.

If you simply delete/remove the application from your mobile device but do not delete your profile or unregister yourself from the app/website, you shall continue to be a registered user of the app and we shall continue to send you all communications that you have opted for unless and until you opt-out of such communications, or <AS PER UNION / STATE / ULB LAW>.

In case you surrender/disconnect your <PROGRAM NAME> registered mobile number it is recommended to delete your profile or unregister yourself from the application also.

Data Security Measures

With respect to such data, we ensure the following safeguards:

  • Define roles for our employees, and grant access only to such data as they require to perform these roles (role-based access controls)

  • Maintain access audit logs of entities accessing data in our systems

  • Maintain safe retention/storage of datasets in authorised cloud systems

  • Conduct vetting of contractual agreements with third-party vendors/implementing agencies for data access and processing functions

6. WHY AND HOW DO WE PROCESS, DISCLOSE, AND/OR SHARE THIS DATA?

We use this data to serve you with the best civic experience, such as providing grievance redressal mechanisms, efficient service delivery, creating dashboards of ULB activities, etc. Specifically:

  • We process this data as necessary to provide you with the services you are requesting.

  • We may process, disclose, or share certain metadata, as well as aggregated and anonymised data, in order to assess and improve the status of such service delivery over time.

  • We may disclose or share this data to/with employees and/or contractors of the urban local body, state government, or other government agencies, or service providers, whose role requires them to view or use this information in order to perform their official duties, including providing you the service(s) you are requesting.

  • Resolving any disputes that may arise with respect to the transactions/deals that you may conduct using the app/website.

  • Monitoring user activity and preferences as evidenced by user’s activity on the app to provide a better experience in future.

  • Detecting, investigating and preventing activities that may violate our policies or that may be illegal or unlawful.

  • Conducting research or analysis of the user preferences and demographics as statistical data and not as individual data.

  • We may disclose or share this data in order to comply with the law or any legal process, including when required in judicial, arbitral, or administrative proceedings.

  • Payments made through the <PROGRAM NAME> App/website are processed via secure payment gateways.

We will not process, disclose, or share your data except as described in this policy or as otherwise authorized by you.

7. HOW DO WE PROTECT PERSONALLY IDENTIFIABLE INFORMATION (PII)?

By default, we display PII in a masked format. Persons with the appropriate authorisation can request for this data to be unmasked. We log each such request, thus creating a non-repudiable and auditable trail of each such access to PD[2].

8. CAN THIS POLICY BE CHANGED?

Yes, this policy is subject to change at any time and without notice. This page will be updated with any such modified policy, and such changes will not be deemed to take effect until and unless they are shown on this page. You are reading the current version of the policy.

9. YOUR CONSENT TO DATA COLLECTION, PROCESSING, DISCLOSURE, AND/OR SHARING.

By using this service, you confirm that you have read, understood, and accepted this Policy, and that we may collect, process, disclose, and/or share your data as described in this Policy.

10. GRIEVANCES

In case of any grievances, you may send your complaints for redressal over the Grievance Portal available at <LINK TO GRIEVANCE PORTAL / MECHANISM>.


  1. Once any data-related legislation is introduced, a formal/detailed Privacy Policy can be drafted and linked here. ↑

  2. As above, this can be detailed in the Full Privacy Policy. ↑

PreviousImplementing Agency Privacy PolicyNextSupporting Agency Privacy Policy

Last updated 1 year ago

Was this helpful?

🔐